- Fixed service-file: set working directory, so that the /etc/traefik/acme.json

file can be written in /etc/traefik/acme.json
- Update to version 2.11.8
  - Bug fixes:
    * docker: Update to github.com/docker/docker v27.1.1
    * webui: Upgrade webui dependencies - fixes boo#1224308 and CVE-2024-4068
- Run traefik as traefik user, fixes boo#1227226
- Added ACME confiuration template
- Update to version 2.11.7
  * Bug fixes:
    - [logs]: Make the log about new version more accurate
    - [tls,k8s/crd,k8s]: Enforce default cipher suites list
- Fix for CVE-2024-6104, boo#1227059

OBS-URL: https://build.opensuse.org/package/show/devel:kubic/traefik2?expand=0&rev=9
This commit is contained in:
Johannes Weberhofer 2024-08-08 16:20:24 +00:00 committed by Git OBS Bridge
commit 490d651de4
12 changed files with 881 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

8
_service Normal file
View File

@ -0,0 +1,8 @@
<services>
<service name="download_files" mode="manual">
</service>
<service name="go_modules" mode="manual">
<param name="archive">traefik*.src.tar.gz</param>
<param name="basename">./</param>
</service>
</services>

3
traefik-user.conf Normal file
View File

@ -0,0 +1,3 @@
#Type Name ID GECOS Home directory Shell
u traefik - "HTTP reverse proxy and load balancer" /etc/traefik -
m traefik traefik

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0d8a8f261bd36e6a0190d2a3fa2300e3023d4754dbbc6260243561c96385a0a1
size 11277102

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0c3c39b7f4a9884fbbaa4fbed264b13bcb5c9acc6e3070e0395b487b753d32ee
size 11278872

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e95c47584ee9bd041215de0fcf3627215a4ef48a1cca06fdb638132428521fa2
size 11274154

21
traefik.service Normal file
View File

@ -0,0 +1,21 @@
[Unit]
Description=Traefik
Documentation=https://doc.traefik.io/traefik/
After=network.target network-online.target
Requires=network-online.target
AssertFileIsExecutable=/usr/bin/traefik
AssertPathExists=/etc/traefik/traefik.toml
[Service]
Type=notify
ExecStart=/usr/bin/traefik --configFile=/etc/traefik/traefik.toml
User=traefik
WorkingDirectory=~
Restart=always
WatchdogSec=1s
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target

215
traefik.toml Normal file
View File

@ -0,0 +1,215 @@
################################################################
#
# Configuration sample for Traefik v2.
#
################################################################
################################################################
# Global configuration
################################################################
[global]
checkNewVersion = false
sendAnonymousUsage = false
#[tls.options]
# [tls.options.default]
# sniStrict = true
################################################################
# As the HTTP/3 spec is still in draft, HTTP/3 support in
# Traefik is an experimental feature and needs to be activated
# in the experimental section of the static configuration.
#
# Will be a stable feature starting with version 3
#
# https://doc.traefik.io/traefik/routing/entrypoints/#http3
################################################################
#[experimental]
# http3 = true
################################################################
# Entrypoints configuration
#
# https://doc.traefik.io/traefik/routing/entrypoints/
################################################################
# Optional
# Default:
[entryPoints]
[entryPoints.web]
address = ":80"
## Redirect all requests incoming from http to https
## websecure/https must be enabled to be use this configuration
##
## https://doc.traefik.io/traefik/routing/entrypoints/#redirection
##
# [entryPoints.web.http]
# [entryPoints.web.http.redirections]
# [entryPoints.web.http.redirections.entryPoint]
# to = "websecure"
# scheme = "https"
## Enable the https endpoint at port 443
##
# [entryPoints.websecure]
# address = ":443"
## Enable the http3 and advertize it at UDP port 443
## In Version 2.x the experimental http3 feature must be enabled
# [entryPoints.websecure.http3]
# advertisedPort = 443
################################################################
# Traefik logs configuration
#
# https://doc.traefik.io/traefik/observability/logs/
################################################################
# Traefik logs
# Enabled by default and log to stdout
#
# Optional
#
[log]
# Log level
#
# Optional
# Default: "ERROR"
#
# level = "DEBUG"
# Sets the filepath for the traefik log. If not specified, stdout will be used.
# Intermediate directories are created if necessary.
#
# Optional
# Default: os.Stdout
#
# filePath = "/var/log/traefik/traefik.log"
# Format is either "json" or "common".
#
# Optional
# Default: "common"
#
# format = "json"
################################################################
# Access logs configuration
#
# https://doc.traefik.io/traefik/observability/access-logs/
################################################################
# Enable access logs
# By default it will write to stdout and produce logs in the textual
# Common Log Format (CLF), extended with additional fields.
#
# Optional
# [accessLog]
# Sets the file path for the access log. If not specified, stdout will be used.
# Intermediate directories are created if necessary.
#
# Optional
# Default: os.Stdout
#
# filePath = "/var/log/traefik/access.log"
# Format is either "json" or "common".
#
# Optional
# Default: "common"
#
# format = "json"
################################################################
# API and dashboard configuration
#
# https://doc.traefik.io/traefik/operations/api/
################################################################
# Enable API and dashboard
[api]
# Enable the API in insecure mode
#
# Optional
# Default: false
#
#insecure = true
# Enabled Dashboard
#
# Optional
# Default: true
#
# dashboard = false
################################################################
# Ping configuration
#
# https://doc.traefik.io/traefik/operations/ping/
################################################################
# Enable ping
[ping]
# Name of the related entry point
#
# Optional
# Default: "traefik"
#
# entryPoint = "traefik"
################################################################
# Docker configuration provider
#
# https://doc.traefik.io/traefik/providers/docker/
################################################################
# Enable Docker configuration provider
#[providers.docker]
# Docker server endpoint. Can be a tcp or a unix socket endpoint.
#
# Required
# Default: "unix:///var/run/docker.sock"
#
# endpoint = "tcp://10.10.10.10:2375"
# Default host rule.
#
# Optional
# Default: "Host(`{{ normalize .Name }}`)"
#
# defaultRule = "Host(`{{ normalize .Name }}.docker.localhost`)"
# Expose containers by default in traefik
#
# Optional
# Default: true
#
# exposedByDefault = false
################################################################
# File provider backend
#
# https://doc.traefik.io/traefik/providers/file/
################################################################
# Enable File configuration provider
[providers.file]
# Defines the path to the directory that contains the
# configuration files.
# Default: unset
#
directory = "/etc/traefik/conf.d"
# Set the watch option to true to allow Traefik to automatically
# watch for file changes
# Default: false
#
watch = true

466
traefik2.changes Normal file
View File

@ -0,0 +1,466 @@
-------------------------------------------------------------------
Wed Aug 7 08:11:10 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Fixed service-file: set working directory, so that the /etc/traefik/acme.json
file can be written in /etc/traefik/acme.json
- Update to version 2.11.8
- Bug fixes:
* docker: Update to github.com/docker/docker v27.1.1
* webui: Upgrade webui dependencies - fixes boo#1224308 and CVE-2024-4068
-------------------------------------------------------------------
Wed Jul 31 16:47:51 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Run traefik as traefik user, fixes boo#1227226
- Added ACME confiuration template
- Update to version 2.11.7
* Bug fixes:
- [logs]: Make the log about new version more accurate
- [tls,k8s/crd,k8s]: Enforce default cipher suites list
- Fix for CVE-2024-6104, boo#1227059
-------------------------------------------------------------------
Thu Jul 4 08:37:21 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Update to version 2.11.6
* Bug fixes:
- Fix for CVE-2024-39321 bsc#1227515
- [ecs] Fix ECS config for OIDC + IRSA (gh#traefik/traefik#10814 by mmatur)
- [http3] Disable QUIC 0-RTT (gh#traefik/traefik#10867 by mmatur)
- [middleware,server] Remove interface names from IPv6 (gh#traefik/traefik#10813 by JeroenED)
-------------------------------------------------------------------
Wed Jun 19 15:50:59 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Update to version 2.11.5
* Updated libraries
-------------------------------------------------------------------
Wed Jun 19 15:42:15 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Update to version 2.11.4
* Bug fixes:
[acme] Update go-acme/lego to v4.17.3 (#10768 by ldez)
-------------------------------------------------------------------
Thu May 23 15:10:27 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Update to version 2.11.3
* CVEs:
* CVE-2024-24788 (bsc#1224018): A malformed DNS message in response to a
query can cause the Lookup functions to get stuck in an infinite loop.
* Bug fixes:
[server] Remove deadlines for non-TLS connections
(gh#traefik/traefik#10615 by rtribotte)
[webui] Display of Content Security Policy values getting out of screen
(gh#traefik/traefik#10710 by brandonfl)
[webui] Fix provider icon size
* Additional fixes: bnc#1224308 and bnc#1224384
- Packaging:
* Use Traefik's src.tar.gz files containing a pre-built frontend to simplify the packaging process
* Fixes bsc#1224308 and bsc#1224384
- Removed allow-node-21.patch and prepare-sources.sh script
-------------------------------------------------------------------
Mon May 6 12:38:39 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Renamed package traefik to traefik2
-------------------------------------------------------------------
Fri May 3 15:14:17 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Added allow-node-21.patch to allow building with nodejs21, too
- Removed traefik-fix-int-overflow-with-go-generate-10452.patch
- Update to version 2.11.2
* Important
* Read the migration guide at https://doc.traefik.io/traefik/migration/v2/#v2112
* CVEs:
* GHSA-7f4j-64p6-5h5v (related to CVE-2023-45288)
* CVE-2024-28869 (bsc#1222825)
* Bug fixes:
* [server] Revert LingeringTimeout and change default value for ReadTimeout
* [server] Set default ReadTimeout value to 60s
- Update to version 2.11.1:
* Bug fixes:
* [acme,tls] Enforce handling of ACME-TLS/1 challenges
* [acme] Update go-acme/lego to v4.16.1
* [acme] Close created file in ACME local store CheckFile func
* [docker,http3] Update to quic-go v0.42.0 and docker/cli v24.0.9
* [docker,marathon,rancher,ecs,tls,nomad] Allow to configure TLSStore default generated certificate with labels
* [ecs] Adjust ECS network interface detection logi
* [logs,tls] Fix log when default TLSStore and TLSOptions are defined multiple times
* [middleware] Allow empty replacement with ReplacePathRegex middleware
* [plugins] Update Yaegi to v0.16.1
* [provider,rules] Don't allow routers higher than internal ones
* [rules] Reserve priority range for internal router
* [server,tcp] Introduce Lingering Timeout
* [tcp] Enforce failure for TCP HostSNI with hostname
* [tracing] Bump Elastic APM to v2.4.8
* [webui] Fix dashboard exposition through a router
* [webui] Display IPAllowlist middleware configuration in dashboard
* [webui] Make text more readable in dark mode
* [webui] Migrate to Quasar 2.x and Vue.js 3.x
* [webui] Add a horizontal scroll for the mobile view
-------------------------------------------------------------------
Wed Mar 6 11:13:51 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Remove node_modules.sums left over by obs-service-node_modules
-------------------------------------------------------------------
Tue Mar 5 10:54:13 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- configuration changes:
* Enhanced default configuration file, including configs for http3 support.
* Docker configuration has been disabled per default, file provider has been enabled.
The directory for the file provider has been set to /etc/traefik/conf.d
* Prepared directories for logging in /var/log/traefik
* Enhanced default configuration file, including configs for http3 support. Settings
are disabled per default.
- packaging general:
* Use standard source-download feature, modified _service file and removed _servicedata
* packagers can invoke `prepare-sources.sh` to doenload sources and prepare go-packages
as well as node_modules for the built process.
- frontend packaging:
* The frontend will now be packaged on OBS to have reproduceable builds.
- Go packaging:
* Added upstream patch traefik-fix-int-overflow-with-go-generate-10452.patch to
allow packaging on 32bit architectures gh#traefik/traefik#10451
* Enabled CGO because there is no cross compilation needed in OSB (we build
packages for every distribution/architecture seperately). PIE can not be used
with CGO enabled for most architectures and is reported as failure sinc go 1.22.
See https://github.com/golang/go/issues/64875
* Don't use pie-buildmode for ppc64 and s390x architectures
- Update to version 2.11.0:
* Enhancements:
* [middleware] Deprecate IPWhiteList middleware in favor of IPAllowList
* [redis] Add Redis Sentinel support
* [server] Add KeepAliveMaxTime and KeepAliveMaxRequests features to entrypoints
* [sticky-session] Hash WRR sticky cookies
* Bug fixes:
* [acme] Update go-acme/lego to v4.15.0
* [authentication] Fix NTLM and Kerberos
* [file] Fix file watcher
* [file] Update github.com/fsnotify/fsnotify to v1.7.0
* [http3] Update quic-go to v0.40.1
* [middleware,tcp] Add missing TCP IPAllowList middleware constructor
* [nomad] Update the Nomad API dependency to v1.7.2
* [server] Fix ReadHeaderTimeout for PROXY protocol
* [webui] Fixes the Header Button
* [webui] Fix URL encode resource's id before calling API endpoints
-------------------------------------------------------------------
Wed Feb 21 14:21:09 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Fixed packaging of UI
-------------------------------------------------------------------
Fri Dec 08 12:51:12 UTC 2023 - alexandre.vicenzi@suse.com
- Update to version 2.10.7:
* CVEs:
* CVE-2023-45283 (boo#1216943)
* CVE-2023-45284 (boo#1216944)
* CVE-2023-47124 (boo#1217806)
* CVE-2023-47633 (boo#1217807)
* CVE-2023-47106 (boo#1217804)
* GHSA-7v4p-328v-8v5g, CVE-2023-39325 (boo#1216109)
* Bug fixes:
* [accesslogs] Fix preflight response status in access logs
* [accesslogs] Move origin fields capture to service level
* [acme] Do not check for wildcard domains for non DNS challenge
* [acme] Remove backoff for http challenge (CVE-2023-47124)
* [acme] Update go-acme/lego to v4.14.0
* [consul,consulcatalog] Update github.com/hashicorp/consul/api
* [http3] Update quic-go to v0.39.1
* [k8s/crd] Fix multiple subsets endpoint
* [k8s/ingress,k8s/crd,k8s,hub] Clean code related to Hub
* [k8s/ingress,k8s] fix: avoid panic on resource backends
* [kv] Ignore ErrKeyNotFound error for the KV provider
* [logs] Fixed datadog logs json format issue
* [metrics] Enable Prometheus provider cleanup when only the router's metrics level is activated
* [middleware,authentication] Adjust forward auth to avoid connection leak
* [middleware,server] Improve CNAME flattening to avoid unnecessary error logging
* [middleware,tracing,plugins] fix: traceability of the middleware plugins
* [middleware] Allow X-Forwarded-For delete operation
* [middleware] Encode query semicolons
* [middleware] Fix stripPrefix middleware is not applied to retried attempts
* [middleware] Missing trailer with custom errors middleware
* [middleware] Support informational headers in middlewares redefining the response writer
* [plugins] Improve error messages related to plugins
* [provider] Refuse recursive requests (CVE-2023-47633)
* [server] Deny request with fragment in URL path (CVE-2023-47106)
* [server] Update x/net and grpc/grpc-go
* [tracing] Remove deprecated code usage for datadog tracer
* [tracing] Update DataDog tracing dependency to v1.50.1
* [webui] Add missing accessControlAllowOriginListRegex to middleware view
* Fix false positive in url anonymization
* Misc:
* [webui] Updates the Hub tooltip content using a web component and adds an option to disable Hub button
- Update Go version (CVE-2023-45283, CVE-2023-45284, CVE-2023-39325)
-------------------------------------------------------------------
Mon Jun 12 17:26:46 UTC 2023 - alexandre.vicenzi@suse.com
- Update to version 2.10.1:
* CVEs
* CVE-2022-41724 (bsc#1208271)
* CVE-2023-24534 (bsc#1210127)
* CVE-2023-29013 (bsc#1210505)
* Enhancements
* [docker] Expose ContainerName in Docker provider
* [hub] Remove hub configuration out of experimental
* [k8s/crd] Introduce traefik.io API Group CRDs
* [k8s/ingress,k8s/crd,k8s] Native Kubernetes service load-balancing
* [middleware,metrics] Add prometheus metric requests_total with headers
* [nomad] Support multiple namespaces in the Nomad Provider
* [tracing] Add support to send DataDog traces via Unix Socket
* [webui] Display period setting of the RateLimit middleware in the webui
* [webui] Modify the Hub Button
* Bug fixes
* [docker] Expose ContainerName in Docker provider
* [docker] Only warn about missing docker network when network_mode is not host or container
* [ecs] Prevent panicking when a container has no network interfaces
* [file] Make file provider more resilient wrt first configuration
* [hub] hub: get out of experimental.
* [k8s/crd] Introduce traefik.io API Group CRDs
* [k8s/ingress,k8s/crd,k8s] Native Kubernetes service load-balancing
* [logs] Differentiate UDP stream and TCP connection in logs
* [metrics] Include user-defined default cert for traefik_tls_certs_not_after metric
* [middleware,metrics] Add prometheus metric requests_total with headers
* [middleware] Prevent from no rate limiting when average is zero
* [middleware] Prevents superfluous WriteHeader call in the error middleware
* [middleware] Sanitize X-Forwarded-Proto header in RedirectScheme middleware
* [nomad] Fix default configuration settings for Nomad Provider
* [nomad] Fix Nomad client TLS defaults
* [nomad] Support multiple namespaces in the Nomad Provider
* [plugins] Improve DeepCopy of PluginConf
* [server] Remove User-Agent header removal from ReverseProxy director func
* [tls,tcp] Adds the support for IPv6 in the TCP HostSNI matcher
* [tracing] Add support to send DataDog traces via Unix Socket
* [server] Update golang.org/x/net to v0.7.0 (CVE-2022-41724)
- Update Go version (CVE-2023-24534, CVE-2023-29013)
-------------------------------------------------------------------
Tue Jan 17 09:48:46 UTC 2023 - alexandre.vicenzi@suse.com
- Update to version 2.9.6:
* CVEs
* CVE-2022-23469
* CVE-2022-46153
* CVE-2022-41717
* Bug fixes
* [acme] Update go-acme/lego to v4.9.1
* [k8s/crd] Support of allowEmptyServices in TraefikService
* [logs] Remove logs of the request
* [plugins] Increase the timeout on plugin download
* [server] Update golang.org/x/net (CVE-2022-41717, bsc#1207208)
* [tls] Handle broken TLS conf better
* [tracing] Update DataDog tracing dependency to v1.43.1
* [webui] Add missing serialNumber passTLSClientCert option to middleware panel
-------------------------------------------------------------------
Mon Nov 28 12:10:58 UTC 2022 - alexandre.vicenzi@suse.com
- Update to version 2.9.5:
* Enhancements
* [acme,tls] ACME Default Certificate
* [consul,etcd,zk,kv,redis] Update valkeyrie to v1.0.0
* [consulcatalog,nomad] Support Nomad canary deployment
* [consulcatalog] Move consulcatalog provider to only use health apis
* [docker] Add support for reaching containers using host networking on Podman
* [docker] Use IPv6 address
* [docker] Add allowEmptyServices for Docker provider
* [ecs] Add support for ECS Anywhere
* [healthcheck] Add a method option to the service Health Check
* [http3] Upgrade quic-go to v0.28.0
* [http] Start polling HTTP provider at the beginning
* [k8s/crd,plugins] Load plugin configuration field value from Kubernetes Secret
* [logs,tcp] Quiet down TCP RST packet error on read operation
* [metrics] Add traffic size metrics
* [middleware,pilot] Remove Pilot support
* [rules,tcp] Support ALPN for TCP + TLS routers
* [tcp,service,udp] Make the loadbalancers servers order random
* [tls] Change default TLS options for more security
* [tracing] Add Datadog GlobalTags support
* Bug fixes
* [logs,middleware] Create a new capture instance for each incoming request
* [acme] Update go-acme/lego to v4.9.0
* [kv,redis] Fix Redis configuration type
* [logs,middleware,metrics] Handle capture on redefined http.responseWriters
* [middleware,k8s] Remove raw cert escape in PassTLSClientCert middleware
* [plugins] Update Yaegi to v0.14.3
* Remove side effect on default transport tests
* [acme] Fix ACME panic
* [server] Update golang.org/x/net to latest version
* [consulcatalog] Fix UDP loadbalancer tags not being used with Consul Catalog
* [docker,rancher,ecs,provider] Simplify AddServer algorithm
* [plugins] Allow empty plugin configuration
* [rules] Fix query parameter matching with equal
* [server] Optimize websocket headers handling
* [plugins] Update Yaegi to v0.14.2
* [server] Fix IPv6 addr with square brackets
* [webui,api] Display default TLS options in the dashboard
-------------------------------------------------------------------
Wed Sep 07 10:11:41 UTC 2022 - alexandre.vicenzi@suse.com
- Update to version 2.8.4:
* Enhancements
* [consul,consulcatalog] Support multiple namespaces for Consul and ConsulCatalog providers
* [logs] Add destination address to debug log
* [middleware,provider,tls] Deprecate caOptional option in client TLS configuration
* [middleware] Support URL replacement in errors middleware
* [middleware] Allow config of additional CircuitBreaker params
* [provider] Implement Traefik provider for Nomad orchestrator
* [server] Allow HTTP/2 max concurrent stream configuration
* [tls,k8s/crd] Support certificates configuration in TLSStore CRD
* [webui,pilot,hub] Add Traefik Hub button and deprecate Pilot
* [webui,plugins] Reach the catalog of plugins from the Traefik dashboard
* Bug fixes
* [docker,docker/swarm] Fix Docker provider mem leak on operation retries
* [middleware] Fix retry middleware on panic
* [plugins] Allow Traefik starting even if plugin service is unavailable
* [marathon] Add missing context in backoff for Marathon
* [k8s/ingress,k8s] Place namespace before name in router key for Ingress
* [logs,middleware,tracing] Remove request dump from IPWhitelist debug log and tracing message
* [metrics] Control allocation and copy of labelNamesValues type
* [metrics] Fix service up gauge for Prometheus metrics
* [yaml] Add missing inline tag for YAML serialization
* [middleware,metrics] Improve performances when Prometheus metrics are enabled
* [middleware] Support forwarded websocket protocol in RedirectScheme
* [nomad] Use configured token in the Nomad client
* [metrics] Ensure Datadog client is cleanly stopped
* [healthcheck,service] Do not make multiple requests to the same URL for balancer healthcheck
* [healthcheck,service] Add log when missing path in health check
* [k8s/gatewayapi] Allow multiple listeners on same port in Gateway API provider
* [middleware] RedirectScheme redirects based on X-Forwarded-Proto header
* [rules] Fix HostRegexp and Query muxers
* [logs] Fix invalid placeholder in log message
-------------------------------------------------------------------
Tue Jun 07 08:27:42 UTC 2022 - alexandre.vicenzi@suse.com
- Update to version 2.7.0:
* Enhancements
* [consulcatalog] Watch for Consul events to rebuild the dynamic configuration
* [healthcheck] Add Failover service
* [http3] Configure advertised port using h3 server option
* [hub] Add Traefik Hub Integration
* [k8s/crd,k8s] Allow empty services in Kubernetes CRD
* [metrics] Support InfluxDB v2 metrics backend
* [plugins] Remove Pilot token setup constraint to use plugins
* [provider] Refactor configuration reload/throttling
* [rules,tcp] Add HostSNIRegexp rule matcher for TCP
* [tcp] Add muxer for TCP Routers
* [webui,pilot] Add Traefik Hub access and remove Pilot access
* [webui] Add a link to service on router detail view
* Bug fixes
* [hub] Skip Provide when TLS is nil
* [tcp] Fix TCP-TLS/HTTPS routing precedence
* [webui,hub] Use dedicated entrypoint for the tunnels
* [logs,k8s/crd] Fix log statement for ExternalName misconfig
* [tcp,service] Fix initial tcp lookup when address is not available
* [tls] Fix panic when getting certificates with non-existing store
* [acme] Fix RenewInterval computation in ACME provider
* [ecs,logs] Remove duplicate error logs
* [ecs] Filter out ECS anywhere instance IDs
* [middleware] Re-add missing writeheader call in flush
* [middleware] Fix bug for when custom page is large enough
* [middleware] Fix regexp handling in redirect middleware
* [plugins] Fix slice parsing for plugins
* [tls] Return TLS unrecognized_name error when no certificate is available
* [acme] Add domain to HTTP challenge errors
* [metrics] Fix metrics bucket key high cardinality
* [middleware,tls] Use CNAME for SNI check on host header
* [middleware,tracing] Rename Datadog span tags
* [tls] Apply the same approach as the rules system on the TLS configuration choice
-------------------------------------------------------------------
Fri Feb 04 13:37:58 UTC 2022 - alexandre.vicenzi@suse.com
- Update to version 2.6.0:
* Updated Kubernetes Gateway API provider
* Consul Enterprise support
* Consul Connect support
* Inflight request middleware for TCP routers
* HTTP/3 support (experimental)
* Added support for loading plugins directly from the filesystem (Local Plugins)
* Added ability to create Provider Plugins
* Added TCP Middleware
* Kubernetes 1.22 API changes
* Dropped support for Ingress API versions extensions/v1beta1
* Updated Traefik Proxy CRDs to use API apiextensions.k8s.io/v1
-------------------------------------------------------------------
Wed Jul 28 15:46:39 UTC 2021 - alexandre.vicenzi@suse.com
- Update to version 2.4.12:
* Get Kubernetes server version early
* Don't remove ingress config on API call failure
* Ratelimiter: use correct ttlSeconds value, and always call Set
* Check if defaultcertificate is defined in store
* Disable ExternalName Services by default on Kubernetes providers
* Fix: malformed Kubernetes resource names and references in tests
* Disable Cross-Namespace by default for IngressRoute provider
* Accesslog: support multiple values for a given header
* Ignore http 1.0 request host missing errors
* Headers Middleware: support http.CloseNotifier interface
* Detect certificates content modifications
* Update go-acme/lego to v4.4.0
* Fix: ACME preferred chain.
* Remove error when HTTProutes is empty
* Fix incorrect behaviour with multi-port endpoint subsets
* Kubernetes ingress provider to search via all endpoints
* Fix plugin unzip call on windows
* Update Yaegi to v0.9.17
* Bump paerser to v0.1.4
* Create buffered signals channel
* Fix: use defaultEntryPoints when no entryPoint is defined in a TCPRouter
* Use a dynamic buffer to handle client Hello SNI detection
* Error span on 5xx only
-------------------------------------------------------------------
Wed May 19 09:06:54 UTC 2021 - Bernhard Wiedemann <bwiedemann@suse.com>
- Allow to override build date with SOURCE_DATE_EPOCH
in order to make builds reproducible (boo#1047218)
-------------------------------------------------------------------
Thu Apr 29 10:07:36 UTC 2021 - alexandre.vicenzi@suse.com
- Update to version 2.4.8:
* Prepare release v2.4.8
* Raise errors for non-ASCII domain names in a router's rules
* Adding an option to (de)activate Pilot integration into the Traefik dashboard
* Doc: improve basic auth middleware httpasswd example
* Add missing `traefik.` prefix across sample config
* Fix travis docker image pulling for docs
* updating docs to remove a no longer needed note
* Update to gateway-api v0.2.0
* server: updating go-proxyproto with security bugfix from upstream
* Update go-acme/lego to v4.3.1
-------------------------------------------------------------------
Thu Jan 10 14:50:22 UTC 2019 - pgeorgiadis@suse.com
- Initial package release to version 1.7.7:
* Check for watched namespace before getting kubernetes objects
* Allow empty path with App-root annotation
* kubernetes: sort and uniq TLS secrets
* Skip TLS section with no secret in Kubernetes ingress

132
traefik2.spec Normal file
View File

@ -0,0 +1,132 @@
#
# spec file for package traefik2
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define project github.com/traefik/traefik
%ifarch ppc64 s390x
%define buildmode default
%else
%define buildmode pie
%endif
Name: traefik2
Version: 2.11.8
Release: 0
Summary: The Cloud Native Application Proxy
License: MIT
Group: Productivity/Networking/Web/Proxy
URL: https://traefik.io/
# set the desired version in the spec-file
# download the source files and create the vendor tarball with "osc service mr"
Source0: https://github.com/traefik/traefik/releases/download/v%{version}/traefik-v%{version}.src.tar.gz
Source1: vendor.tar.gz
Source2: traefik.service
Source3: traefik.toml
Source4: traefik-user.conf
BuildRequires: go-bindata
BuildRequires: golang-packaging
BuildRequires: systemd-rpm-macros
BuildRequires: sysuser-tools
BuildRequires: (golang(API) >= 1.22)
Recommends: podman
Provides: traefik = %{version}
Provides: group(traefik)
Provides: user(traefik)
%sysusers_requires
%{?systemd_requires}
%{go_provides}
%description
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer
that makes deploying microservices easy. Traefik integrates with your existing
infrastructure components (Docker, Swarm mode, Kubernetes, Marathon, Consul,
Etcd, Rancher, Amazon ECS) and configures itself automatically and dynamically.
Pointing Traefik at your orchestrator should be the only configuration step you need.
%prep
%setup -q -c %{name}-%{version} -b0 -a1
%build
%sysusers_generate_pre %{SOURCE4} %{name} traefik-user.conf
%{goprep} %{project}
# see script/generate
go generate
build_date=$(date -u -d @${SOURCE_DATE_EPOCH:-$(date +%%s)} +"%%Y%%m%%d")
# see script/binary
CGO_ENABLED=1 GOGC=off go build \
-buildmode=%{buildmode} \
-mod=vendor \
-ldflags "-X github.com/traefik/traefik/v2/pkg/version.Version=%{version} \
-X github.com/traefik/traefik/v2/pkg/version.Codename='' \
-X github.com/traefik/traefik/v2/pkg/version.BuildDate=${build_date}" \
-installsuffix nocgo \
-o traefik \
./cmd/traefik
%install
# system user
install -D -m 0644 %{SOURCE4} %{buildroot}%{_sysusersdir}/traefik-user.conf
install -d %{buildroot}/%{_sbindir}
install -D -p -m 0755 traefik %{buildroot}%{_bindir}/traefik
# service
install -D -p -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/traefik.service
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rctraefik
# configuration
install -D -p -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/traefik/traefik.toml
mkdir -p %{buildroot}%{_sysconfdir}/traefik/conf.d
# logging
mkdir -p %{buildroot}%{_localstatedir}/log/traefik
%pre -f %{name}.pre
%service_add_pre traefik.service
%post
%service_add_post traefik.service
%{fillup_only -n traefik}
# fix ownership for config and logging directory
chown -R traefik: %{_sysconfdir}/traefik %{_localstatedir}/log/traefik
%preun
%service_del_preun traefik.service
%postun
%service_del_postun traefik.service
%files
%{_sysusersdir}/traefik-user.conf
%license LICENSE.md
%doc README.md SECURITY.md CONTRIBUTING.md
%{_bindir}/traefik
%{_unitdir}/traefik.service
%{_sbindir}/rctraefik
%defattr(0660, traefik, traefik, 0750)
%dir %{_sysconfdir}/traefik
%dir %{_sysconfdir}/traefik/conf.d
%config(noreplace) %{_sysconfdir}/traefik/traefik.toml
%dir %{_localstatedir}/log/traefik
%changelog

3
vendor.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1a940589573b35b82656e441d5ea08d62a92c07dd4fefdcaef6fe117dde44957
size 23953542